Total: 18012 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2012-5327 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2025-04-11 | 6.5 MEDIUM | N/A | Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action. |
| CVE-2010-1341 | 1 Systemsoftware | 1 Community Black Forum | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Systemsoftware Community Black Forum allows remote attackers to execute arbitrary SQL commands via the s_flaeche parameter. |
| CVE-2010-1725 | 1 Alibabaclone | 1 Alibaba Clone Platinum | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in offers_buy.php in Alibaba Clone Platinum allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2013-1434 | 1 Cacti | 1 Cacti | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-2357 | 1 Eicrasoft | 1 Eicra Realestate Script | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the p_id parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2010-0758 | 1 Softbizscripts | 1 Softbiz Jobs And Recruitment Script | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in news_desc.php in Softbiz Jobs allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2011-1390 | 1 Ibm | 1 Rational Clearquest | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature. |
| CVE-2012-4949 | 1 Esri | 1 Arcgis Server | 2025-04-11 | 6.5 MEDIUM | N/A | SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service. |
| CVE-2011-4811 | 1 Bst | 1 Bestshoppro | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows remote attackers to execute arbitrary SQL commands via the str parameter. |
| CVE-2010-4872 | 1 Pilotcart | 1 Pilot Cart | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in newsroom.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the specific parameter. |
| CVE-2010-4994 | 2 Instantphp, Joomla | 2 Jobs Pro, Joomla! | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the Jobs Pro component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the detailed_results parameter to search_jobs.html. |
| CVE-2010-5021 | 1 Cramerdev | 1 Document Library | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in view_group.asp in Digital Interchange Document Library 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intGroupID parameter. |
| CVE-2010-4799 | 1 Chipmunk-scripts | 1 Pwngame | 2025-04-11 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to authenticate.php and the (3) ID parameter to pwn.php. NOTE: some of these details are obtained from third party information. |
| CVE-2010-1708 | 1 Freerealty.rwcinc | 1 Free Realty | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka agentpassword parameter). |
| CVE-2010-0458 | 1 Netartmedia | 1 Blog System | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in NetArt Media Blog System 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to index.php and the (2) note parameter to blog.php. |
| CVE-2010-4853 | 2 Chillcreations, Joomla | 2 Com Ccinvoices, Joomla! | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php. |
| CVE-2013-6164 | 1 Projeqtor | 1 Projeqtor | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter. |
| CVE-2010-1006 | 1 Typo3 | 2 Brainstorming, Typo3 | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2011-3394 | 1 Myrephp | 1 Myre Real Estate Software | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in findagent.php in MYRE Real Estate Software allows remote attackers to execute arbitrary SQL commands via the page parameter. |
| CVE-2012-4673 | 1 Thomas Hunter | 1 Neoinvoice | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sort_col variable in the list_items function, a different vulnerability than CVE-2012-3477. |
| CVE-2009-4696 | 1 Radscripts | 1 Radnics | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in RadNICS Gold 5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action. |
| CVE-2009-4784 | 2 Joaktree, Joomla | 2 Com Joaktree, Joomla! | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the Joaktree (com_joaktree) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the treeId parameter to index.php. |
| CVE-2011-1913 | 1 Mercator | 1 Sentinel | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the login form in the web interface in Mercator SENTINEL 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2011-4946 | 1 E107 | 1 E107 | 2025-04-11 | 6.8 MEDIUM | N/A | SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the user_field parameter. |
| CVE-2010-4997 | 1 Olykit | 1 Swoopo Clone 2010 | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in OlyKit Swoopo Clone 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter in a product action. |
| CVE-2010-1026 | 2 Mathon Nicolas, Typo3 | 2 Tmsw Cleandb, Typo3 | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-2923 | 2 Joomla, Prasanna | 2 Joomla!, Com Youtube | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the YouTube (com_youtube) component 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_cate parameter to index.php. |
| CVE-2011-2181 | 1 Reallysimplechat | 1 Really Simple Chat | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in A Really Simple Chat (ARSC) 3.3-rc2 allow remote attackers to execute arbitrary SQL commands via the (1) arsc_user parameter to base/admin/edit_user.php, (2) arsc_layout_id parameter in base/admin/edit_layout.php, or (3) arsc_room parameter to base/admin/edit_room.php. |
| CVE-2012-5167 | 1 Atutor | 1 Acontent | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the (1) field parameter to course_category/index_inline_editor_submit.php or (2) user/index_inline_editor_submit.php; or (3) id parameter to user/user_password.php. |
| CVE-2010-4780 | 1 Enanocms | 1 Enano Cms | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the email parameter to index.php. NOTE: some of these details are obtained from third party information. |
| CVE-2010-5003 | 2 Autartica, Joomla | 2 Com Autartimonial, Joomla! | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the AutarTimonial (com_autartimonial) component 1.0.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the limit parameter in an autartimonial action to index.php. NOTE: some of these details are obtained from third party information. |
| CVE-2011-4823 | 2 Extensionsforjoomla, Joomla | 2 Com Vikrealestate, Joomla! | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php. |
| CVE-2011-5111 | 1 Kajianwebsite | 1 Cms Balitbang | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Kajian Website CMS Balitbang 3.x allow remote attackers to execute arbitrary SQL commands via the hal parameter to (1) the data module in alumni.php; or the (2) lih_buku, (3) artikel, (4) album, or (5) berita module in index.php. |
| CVE-2010-2622 | 2 Joomanager, Joomla | 2 Joomanager, Joomla! | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. |
| CVE-2010-4844 | 1 Mhproducts | 1 Easy Online Shop | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in content.php in MH Products Easy Online Shop allows remote attackers to execute arbitrary SQL commands via the kat parameter. |
| CVE-2012-4258 | 1 Myrephp | 1 Myre Real Estate Software | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in MYRE Real Estate Software (2012 Q2) allow remote attackers to execute arbitrary SQL commands via the (1) link_idd parameter to 1_mobile/listings.php or (2) userid parameter to 1_mobile/agentprofile.php. |
| CVE-2010-2720 | 1 Phpaa | 1 Phpaacms | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in list.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2012-5227 | 1 Peel | 1 Peel Shopping | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2012-6504 | 1 Shawn Bradley | 1 Php Volunteer Management | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-4794 | 1 Community Cms | 1 Community Cms | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Community CMS 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to view.php and the (2) a parameter in an event action to calendar.php, reachable through index.php. |